MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SnakeKeylogger


Vendor detections: 14


Intelligence 14 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca
SHA3-384 hash: 3e1b13da78faa73698b6452d575e07ab5ceb9496a8bc0f8a3896fab739ced26b8eaced60a79f7cdcfb68b3472f9fdad5
SHA1 hash: 27acaaf3529a328380b08678cff025b5285206a0
MD5 hash: a0240460a569a2e87f0231f83031c929
humanhash: jupiter-papa-magazine-nine
File name:7655678987656sk.exe
Download: download sample
Signature SnakeKeylogger
Create hunting rule
File size:699'392 bytes
First seen:2023-05-31 11:47:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:zJ7AMTihh6xhZ6Orz1XBZ5ZjR1OqpZfSEAYnbV/8TP4PZujiGc4q:KMUgh8yJHHjR1LflnbVUEP0jiGc/
Threatray 4'728 similar samples on MalwareBazaar
TLSH T1E9E4E165DE9E2E3FC97869BDA131803183ECE112446FE7898E12587FC44DBB96F92053
TrID 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.2% (.SCR) Windows screen saver (13097/50/3)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon d0d6969696ccd4d6 (26 x SnakeKeylogger, 5 x RemcosRAT, 2 x Formbook)
Reporter abuse_ch
Tags:exe SnakeKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
275
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7655678987656sk.exe
Verdict:
Malicious activity
Analysis date:
2023-05-31 11:49:57 UTC
Tags:
evasion snake keylogger trojan
Link:
https://app.any.run/tasks/a03eaf78-4350-4416-a80f-82be5d4dfa12

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Snake
Create hunting rule
Link:
https://www.capesandbox.com/analysis/394077/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.6835.29719.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file
Сreating synchronization primitives
DNS request
Sending an HTTP GET request
Reading critical registry keys
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/647733f514dc34a2c279acf4/reports/69d51d38-e8c8-4cbd-aef5-51f40040badb/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/70d2f0f7-a690-49e3-8901-eff0abd6d1f1
Result
Threat name:
Snake Keylogger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1246054
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca/
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2023-05-31 11:48:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qykrngwtc7lwfw3kvrqrpan37j7zn2lx4p6pfzjylkkszcz2hpfa._file
Verdict:
malicious
Similar samples:
1cab3cdd46b235538186a04af30dd58b0e29e85baf3b650897b6c80c02950066
SnakeKeylogger
1f5f9b2d9867afa54498f1b84493d49d0ee68f42ef0aa55e9f4ca21aabf898c3
SnakeKeylogger
457f7a41b7386a19c4d44f1f3830eafefb6a5a1424337fca1c8c50f4b528d34a
SnakeKeylogger
5e5878e7c89a666a6f6c0f3ad414a7c3d47c85d8bab613343b531ef552127ee8
SnakeKeylogger
695bc93a213948c1f47efec7b35454f63ac990b04ac22ceeea852daf5e8c0451
SnakeKeylogger
c61fef7fcacfba05be6a0c2527cdde790b4a57dde45b53168fb6c415fcf2b174
SnakeKeylogger
cda24e3d3a8ba88a8d2d0dab710a930bc5ca13c1c3083971a0714fb318f8f5c8
SnakeKeylogger
e1db205d91abb43dcf76bca95eae329c435f225b2470f2659e7a0e12521f8fe0
SnakeKeylogger
f21713f098ba22b69b0303da4fe32dda9e1290f2d5986b9ff18cdd7de6f5d0ca
SnakeKeylogger
+ 4'718 additional samples on MalwareBazaar
Result
Malware family:
snakekeylogger
Create hunting rule
Score:
  10/10
Tags:
family:snakekeylogger collection keylogger spyware stealer
Link:
https://tria.ge/reports/230531-nyfc4aeg25/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Snake Keylogger
Snake Keylogger payload
Malware Config
C2 Extraction:
https://api.telegram.org/bot5514204561:AAErcjaIvflhP_Fb36V8b-2QdbJLnbLXah8/sendMessage?chat_id=1813585870
Unpacked files
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/e5f01f6e-8e1d-4377-a461-a0c2817e9d18/
SH256 hash:
2926596e00acd31c5c575056b01f0cb7498dea9549f74bd34e5085e831e7d6f9
MD5 hash:
8f6fee830697062ee74847dec156b9f4
SHA1 hash:
890f90bb3b2ca4d9585a2733e7bfa89ebaa4a20f
Link:
https://www.unpac.me/results/e5f01f6e-8e1d-4377-a461-a0c2817e9d18/
SH256 hash:
b845298489a78c7d66ba9e106de1606e64f9104b2fedc756ebe22275dbee8634
MD5 hash:
9e4440f3a14a5099078ddb26d3fef08d
SHA1 hash:
80c47af8fa3ccfabbb1ec79e7f7b03c19b337dbf
Link:
https://www.unpac.me/results/e5f01f6e-8e1d-4377-a461-a0c2817e9d18/
SH256 hash:
7264107abe740d266be11218b71aa53c23a7fbf476d2e2c851d5a9de77c6bfe3
MD5 hash:
725b3d17df85812e4bb3cfd4d95e34f3
SHA1 hash:
6540326a68e4f686ec86f809a2997f29d3b31cb9
Detections:
snake_keylogger
Create hunting rule
win_masslogger_w0
Create hunting rule
Link:
https://www.unpac.me/results/e5f01f6e-8e1d-4377-a461-a0c2817e9d18/
Parent samples :
56db43a5e7f10529eef56740be4a7f491129aab463360fbf3f5fa43145bd0f13
366f2df04086c01c5adac46c5101bb811e7182b6be6666781e31a5c37139543b
9da2be85343a64de6436061755bfdcb18bfdcfe2ad7c8f5fb80f1e4dd3099160
8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca
732354f17c07ca3b384ec5c2cdceed76395fbbdf3cd9e615d2383a444e35d695
SH256 hash:
5917c787677d0a887b3c4ce3c1e0fb880b52b9879790bf4943ea7a6921d35ffa
MD5 hash:
7ebe18320c0e101865f4f43f2e43be12
SHA1 hash:
26524da1a459a9277d5fa9f3f188c5206a53e610
Link:
https://www.unpac.me/results/e5f01f6e-8e1d-4377-a461-a0c2817e9d18/
SH256 hash:
8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca
MD5 hash:
a0240460a569a2e87f0231f83031c929
SHA1 hash:
27acaaf3529a328380b08678cff025b5285206a0
Link:
https://www.unpac.me/results/e5f01f6e-8e1d-4377-a461-a0c2817e9d18/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8615169ad317/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.61
Link:
https://yomi.yoroi.company/submissions/8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SnakeKeylogger

Executable exe 8615169ad317d762db6aac611781bbfa7f96e977e3fcf2e5385a952c8b3a3bca

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/394077/

Comments